⭐ Beginner — No coding experience needed
GDPR for Websites: Cookie Banners, Trackers and Privacy
Learn what GDPR requires for your website, the most common compliance failures, and how to audit your site for cookie banner issues, tracker problems and privacy policy gaps. Step by step for complete beginners.
What you will learn in this guide
- What GDPR requires from your website as a minimum
- What a cookie consent banner must do to be compliant
- Which cookies require consent and which do not
- What your privacy policy must include
- How to audit your site for GDPR compliance
- The quickest fixes to become compliant today
1 What GDPR requires from your website
GDPR (General Data Protection Regulation) applies to any website that collects data from people in the UK or EU. If you have a contact form, use Google Analytics, or have a Facebook Pixel, GDPR applies to you.
Legal note: The UK ICO can issue fines of up to £17.5 million or 4% of annual global turnover for serious GDPR breaches. For small businesses, complaints and enforcement notices are more common than large fines — but these still damage reputation.
2 What your website must have
| Requirement | What it means |
|---|---|
| Cookie consent banner | Must show BEFORE any non-essential cookies load. Must have a reject option that is as easy to use as accept. |
| Privacy policy | Must explain what data you collect, why, how long you keep it, and users' rights. |
| Cookie policy | Must list every cookie used, its purpose, and how long it lasts. |
| Contact details | Users must be able to contact you to exercise their data rights. |
| Data subject rights | Users have the right to access, correct and delete their data. |
3 How to check your GDPR compliance
- 1. Run the GDPR Audit. Go to content-tools.html#gdpr — it is free to run. Enter your site URL and it checks for cookie banners, privacy policy, trackers loading before consent and security headers.
- 2. Fix any trackers loading before consent. This is the most common failure. Google Analytics, Facebook Pixel and other trackers must not fire until the user clicks Accept on your consent banner. Check your tag manager setup.
- 3. Use the GDPR Kit to generate compliant documents. The GDPR Kit tool generates a tailored privacy policy, cookie policy and consent banner for your specific site. Copy and paste — no legal expertise needed.
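For readers who do want to see the step 2 check in code, here is an added example (not part of the original guide or its tools): given a timed list of network requests, such as you might copy from the browser's Network tab, it lists tracker requests that fired before the visitor clicked Accept. The host list, field names and sample log are assumptions constructed for illustration.

```javascript
// Hosts for the two trackers the guide names. This list is an assumption for
// the example: extend it with whatever third-party tags your own site loads.
const TRACKER_HOSTS = {
  "google-analytics.com": "Google Analytics",
  "connect.facebook.net": "Facebook Pixel",
};

// Match the host itself or any subdomain, but not look-alikes such as
// "notgoogle-analytics.com".
function trackerFor(url) {
  let host;
  try {
    host = new URL(url).hostname.toLowerCase();
  } catch {
    return null; // relative or malformed URL: not a third-party tracker call
  }
  for (const [domain, name] of Object.entries(TRACKER_HOSTS)) {
    if (host === domain || host.endsWith("." + domain)) return name;
  }
  return null;
}

// requests: [{ url, timeMs }] measured from page load.
// acceptedAtMs: when the visitor clicked Accept, or null if they rejected or
// ignored the banner (in which case no tracker request is allowed at all).
function findPreConsentTrackers(requests, acceptedAtMs) {
  const violations = [];
  for (const { url, timeMs } of requests) {
    const tracker = trackerFor(url);
    if (!tracker) continue;
    if (acceptedAtMs === null || timeMs < acceptedAtMs) {
      violations.push({ tracker, url, timeMs });
    }
  }
  return violations;
}

// Constructed sample log (not from a real site); Accept is clicked at 4000 ms.
const SAMPLE_REQUESTS = [
  { url: "https://example.com/css/site.css", timeMs: 120 },
  { url: "https://www.google-analytics.com/g/collect?v=2", timeMs: 310 },
  { url: "https://notgoogle-analytics.com/a.js", timeMs: 500 },
  { url: "https://connect.facebook.net/en_US/fbevents.js", timeMs: 4200 },
];

console.log(findPreConsentTrackers(SAMPLE_REQUESTS, 4000));
```

An empty result for both the "accepted" and the "never accepted" case is what a correctly gated site should produce before consent.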